"It's time for us to change how we approach security. It's time to change the game,"
Enrique Salem told hundreds of attendees in one of his first major speaking appearances
since
assuming the top spot at Symantec last year.

Urging security managers to "operationalize" their efforts, he urged the creation of
"a bridge between day-to-day operations and security departments" to create shared plans
and goals.

"We know that the most effective programs are those that bring together security,
storage, and systems management to automate the repetitive tasks that consume most of
your time," he noted. "When you bring together these areas, it's possible to be more
proactive and policy-driven."

Security remains a struggle after all this time, he said, in large part because
administrators still perform manual analysis of threats against their systems within
carefully partitioned silos. One team configures laptops, another looks after the
datacenters, an operations team keeps an eye on routine tasks and an entirely separate
security team does vulnerability testing.

As a result, security is done piecemeal. Stand-alone products at various points within
the system hamper policy coordination, making automation of many processes nearly
impossible. Lower-level administrators end up creating de facto policy day-by-day based
on how they configure e-mail, backup and server security.

Instead of such seat-of-the-pants security planning, Salem proposes a new approach
that's "risk-based, information-centric, responsive, and workflow-driven." InternetNews.com has the rest of the story on Salem's proposal.

Please enable Javascript in your browser, before you post the comment! Now Javascript is disabled.